This handles the most common case
- http:// –> https://www.
- https:// –> https://www.
- Restrict Proxy by IP
# Redirect to www if no sub-domain
RewriteCond %{HTTP_HOST} ^([^.]+)\.([^.]+)$
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect to https
RewriteCond %{HTTP_HOST} ^www\.([^.]+)\.([^.]+)$ [NC]
# if use direct server, turn on this
# RewriteCond %{HTTPS} !=on
# if use cloudflare with flexible SSL, turn on this
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Deny Unauthorized domain
RewriteCond %{SERVER_NAME} !^www\.your\.domain$
# RewriteCond %{SERVER_NAME} !^123\.456\.789\.001$
RewriteRule ^ - [F,L]